This repository has been archived by the owner on Jan 27, 2021. It is now read-only.

Implement new accounts API query options #30

Closed
wants to merge 8 commits into from


@butonic butonic commented May 7, 2020

We updated the api to follow the google recommendations and use LDAP as the storage backend.

  • we introduce a new ldap attribute ownclouduuid to store a uuid for ocis accounts

part of https://github.com/owncloud/ocis-glauth/issues/13

@butonic butonic marked this pull request as draft May 7, 2020 16:56
@butonic butonic self-assigned this May 7, 2020
@butonic butonic added the enhancement New feature or request label May 7, 2020
@butonic butonic requested a review from refs May 7, 2020 16:59
@butonic butonic requested a review from refs May 8, 2020 17:09

butonic commented May 8, 2020

@refs any idea how we could provision users?
I guess we need a cli to add them?
This is a marshaled account I wrote by hand:

{
  "key": "1-2-3-4",
  "payload": {
    "account": {
      "issuer": "https://localhost:9200",
      "password": "relativity",
      "standard_claims": {
        "sub": "1234",
        "preferred_username": "einstein",
        "name": "Albert Einstein",
        "given_name": "Albert",
        "family_name": "Einstein"
      }
    }
  }
}

password is not encrypted ... hm need to fix that

@butonic butonic changed the title Update accounts API Implement new accounts API query options May 11, 2020

refs commented May 19, 2020

> @refs any idea how we could provision users?
> I guess we need a cli to add them?
> This is a marshaled account I wrote by hand:
>
> {
>   "key": "1-2-3-4",
>   "payload": {
>     "account": {
>       "issuer": "https://localhost:9200",
>       "password": "relativity",
>       "standard_claims": {
>         "sub": "1234",
>         "preferred_username": "einstein",
>         "name": "Albert Einstein",
>         "given_name": "Albert",
>         "family_name": "Einstein"
>       }
>     }
>   }
> }
>
> password is not encrypted ... hm need to fix that

I think the import command was meant to do that 🤔

@butonic butonic requested a review from refs May 20, 2020 16:26
This was referenced May 22, 2020
@refs refs added the blocked MUST be merged after the blocking PR label May 22, 2020

refs commented May 22, 2020

Adding the Blocked label because #22 will be merged first. Once we merge all PRs on ocis, ocis-accounts, ocis-settings and ocis-proxy, work on this will resume.


IljaN commented May 28, 2020

> I think the import command was meant to do that

This is strictly for migrating users from another source. The accounts-service should have a separate command to create users from cli.

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>

butonic commented Jun 2, 2020

rebased on #22, unblocking

@butonic butonic removed the blocked MUST be merged after the blocking PR label Jun 2, 2020

butonic commented Jun 2, 2020

will implement query parsing tomorrow

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
ocis-graph will be responsible for building graph api resources like
users and groups as well as their relationships. ocis accounts deals
with users and groups with all properties necessary to provision user
accounts.

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
@butonic butonic force-pushed the update-accounts-api branch 2 times, most recently from dc4919a to eab0a24 Compare June 11, 2020 11:03
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
@ownclouders

Here is an overview of what got changed by this pull request:

Complexity increasing per file
==============================
- pkg/provider/ldap.go  16
- pkg/service/v0/service.go  13
- pkg/provider/ldap_test.go  4
         

See the complete overview on Codacy


butonic commented Jun 15, 2020

It turns out upstream does not implement LdapAdd or LdapDelete messages, so we will change the architecture to a sync based approach where all users and groups are stored by ocis-accounts directly.

We will revisit this when time permits. For now we are going with a sync based approach in a new PR.
